Table of Contents
Identity and access management (IAM) architectures provide frameworks for protecting data and resources. Internal networks establish security boundaries in on-premises systems. In cloud environments, perimeter networks and firewalls aren’t sufficient for managing access to apps and data. Instead, public cloud systems rely on identity solutions for boundary security.
An identity solution controls access to an organization’s apps and data. Users, devices, and applications have identities. IAM components support the authentication and authorization of these and other identities. The process of authentication controls who or what uses an account. Authorization controls what that user can do in applications.
Whether you’re just starting to evaluate identity solutions or looking to expand your current implementation, Azure offers many options. One example is Azure Active Directory (Azure AD), a cloud service that provides identity management and access control capabilities. To decide on a solution, start by learning about this service and other Azure components, tools, and reference architectures.
Introduction to identity on Azure
If you’re new to IAM, the best place to start is with Microsoft Learn. This free online training platform offers videos, tutorials, and hands-on learning for various products and services.
The following resources can help you learn the core concepts of IAM.
Learning paths
Modules
Path to production
After you’ve covered the fundamentals of identity management, the next step is to develop your solution.
Design
To explore options for identity solutions, consult these resources:
-
For a comparison of three services that provide access to a central identity, see Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services.
-
To learn how to make IAM resilient, see Resilient identity and access management with Azure AD.
-
To compare options for reducing latency when integrating with an Azure network, see Integrate on-premises AD with Azure.
-
For information on associating billing offers with an Azure AD tenant, see Azure billing offers and Active Directory tenants.
-
To evaluate options for an identity and access foundation, see Azure identity and access management design area.
-
To explore ways to organize resources that you deploy to the cloud, see Resource organization.
-
For a comparison of various authentication options, see Choose the right authentication method for your Azure Active Directory hybrid identity solution.
-
For a comprehensive hybrid identity solution, see How Azure AD Delivers Cloud Governed Management for On-Premises Workloads.
-
To learn how Azure AD Connect integrates on-premises directories with Azure AD, see What is Azure AD Connect?.
Implementation
When you’ve decided on an approach, implementation comes next. For deployment recommendations, see these resources:
Best practices
Suite of baseline implementations
These reference architectures provide baseline implementations for various scenarios:
Stay current with identity
Azure AD receives improvements on an ongoing basis.
Additional resources
The following resources provide practical recommendations and information for specific scenarios.
